Is totally secure software possible? (infoworld.com)
5 points by ccraigIW on Feb 13, 2009 | 3 comments


No, totally secure software is not possible (aside from trivial applications). However, it is possible to write software which, given our current knowledge and technology, would take all of the computing capacity of the world longer than the predicted lifetime of the earth to successfully attack.

DJB is a deadline-be-damned-I'm-all-about-the-security type of guy. He'd be great for security, but terrible for the overall product. It would take DJB's team (assuming he would even relax control long enough to have a team) more time to make the product than customers would be willing to wait, or it would be more expensive to build than customers could afford. Another vendor's product would steal all the market share, and no one would be left to use his now ultra-secure product.

I'm a deadline-be-damned-I'm-all-about-the-security type of guy too, but oddly enough I still have people paying to use tarsnap. (Maybe this is because I wrote tarsnap myself rather than assembling a team?)

While I hate to disagree with such a credentialed author (I mean, gosh, he's a CPA, CISSP, CEH, CHFI, TICSA, and MCSE:Security -- he must know what he's talking about, right?) I think he's getting cause and effect backwards here. Yes, there is very little secure code available; but that's not because vendors have decided that writing secure code is too hard. It's simply because their customers don't hold software companies accountable for severe product flaws.


There is always going to be a security hole, even if it's human.


The long answer is in the classic:

http://cm.bell-labs.com/who/ken/trust.html



